[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: GSE IDs [Re: IETF multihoming powder: just add IPv6 and stir]
Iljitsch,
As I've said before, the actual requirement is that the lower 64 bits
be mutually unique among the set of correspondents (two for normal cases,
N for p2p cases). But indeed it is a general point that non-topological
fields are more readily spoofed than topological fields, since
ingress filtering and RPF checks don't apply.
The consequence is not automatically that they can't be used, but that
if they are used, an additional layer (such as HIP) is needed. I think
that is what you should say.
Brian
Iljitsch van Beijnum wrote:
>
> On donderdag, mei 8, 2003, at 13:10 Europe/Amsterdam, marcelo bagnulo
> wrote:
>
> > I guess that what Brian means is that this (what you are describing) is
> > not GSE anymore, since it is not stateless (which is a fundamental
> > feature of GSE, as i see it)
>
> No disagreement there.
>
> > what you are describing sounds more like MHAP...
>
> Originally, I wanted to write something that encompasses both MHAP and
> GSE. But:
>
> "The original GSE and 8+8 drafts split the IPv6 address in two 64-bit
> parts. The lower part is used within the site or subnet. Routers add
> the higher 64 bits as packets leave the site. Since hosts don't know
> the higher 64 bits their correspondent will see, they must disregard
> these bits, which has the relatively minor consequence that the TCP
> and UDP pseudo header used in checksum calculations must be changed.
> A more severe consequence is that the lower 64 bits must now be
> globally unique. This in turn makes it very easy to perform spoofing
> attacks, as an attacker can simply present arbitrary lower bits,
> thereby assuming any desired identity, while setting the higher bits
> such that the packets are routed back to the attacker and not to the
> host identified by the lower 64 bits. This vulnerability, breaking
> autoconfiguration and, to a lesser degree, the transport layer
> checksums, make adopting GSE or 8+8 unfeasible and undesirable."
>
> Is there anyone who disagrees and feels stateless GSE is still viable?
>
> The letter combination "GSE" will not appear in the title. The
> preliminary title is "Multihoming in IPv6 by Rewriting Addresses".